User location information collected by Islamic apps may have been resold to governmental organizations

Motherboard, an IT news site, said that a smartphone app used by Muslims for daily prayer acquisitions of users' location information, collects user information and sends it to data brokers that sell to public institutions. I am reporting.

More Muslim Apps Worked with X-Mode, Which Sold Data to Military Contractors
https://www.vice.com/en/article/epdkze/muslim-apps-location-data-military-xmode

We Analyzed 450 Apps and Found Location Trackers in Every One | ExpressVPN
https://www.expressvpn.com/blog/digital-security-lab-location-trackers-smartphone-apps-research/

Location broker X-Mode continues to track users despite app store bans | TechCrunch
https://techcrunch.com/2021/01/28/x-mode-location-google-apple-ban/

Motherboard reported on November 18, 2020 that the US military is collecting location information for various apps. Research has shown that the user location information collected by the Muslim Pro and Salaat First apps, which have been downloaded more than 98 million times, was sent to the U.S. military via the data broker X-Mod. ..

It turns out that the military is buying up the location information collected from the app-GIGAZINE

Muslim Pro and Salaat First are apps that tell you the time and direction of worship because Muslims worship in the direction of Mecca five times a day at a fixed time, and for Muslims using smartphones. It has become an indispensable part of everyday life.

In addition, as a result of investigation by Sean O'Brien and others of the security research institute ' ExpressVPN Digital Security Lab ', user data acquired by similar Muslim apps ' Prayer Times ' ' Qibla Finder ' ' Qibla Compass ' is also available. It turned out that it had been transferred to X-Mode.

The New York Times also reported on January 25 that the Defense Intelligence Agency (DIA) has purchased a database containing location information from X-Mode to monitor civilian movements without a warrant.

It is clear that the US government purchased location information data of smartphones without a warrant --GIGAZINE

From these, Motherboard suggests that location data collected from Muslim apps may be resold to multiple governmental organizations through vendors.

Motherboard actually downloaded past versions of the app from the archive site and ran it on an Android smartphone to intercept the traffic of the app. As a result, it turned out that the location information was sent to X-Mode in the version that was delivered in 2020.

In addition, since data transfer to X-Mode was prohibited by Apple and Google in December 2020, in the version at the time of article creation, all five problem apps transfer location information to X-Mode. Is not ...

Apple and Google eliminate apps that use 'software that provides user location information to the military'-GIGAZINE

In addition, according to IT news site TechCrunch, the New York subway map app has indicated in its privacy policy that it is seeking permission to send data to X-Mode for advertising and market research . .. Immediately after TechCrunch asked app maker Desonline for comment, the wording about X-Mode was removed from its privacy policy.

X-Mode CEO Josh Anton said, 'The ban on the X-Mode software development kit (SDK) is broader given that X-Mode collected the same data as most advertising SDKs. There is an impact on the ecosystem. Apple and Google have the ability to collect and use mobile app data, even when publishers have consented to secondary use of location collection and use. We set a precedent for making decisions. '

However, Motherboard uses the Qibla Finder as an example to point out that data transmission to X-Mode was started before the consent to the privacy policy was displayed.

When Motherboard asked Apple and Google for their opinions on the transfer of information to X-Mode, they said that they did not comment. In addition, Apple has announced that an iOS update coming in the spring of 2021 will allow users to confirm permission for tracking by the app.